WHITE PAPER Internet File Transfers: Contents

Transcription

WHITE PAPER Internet File Transfers: Contents
WHITE PAPER
Contents
Introduction .................................... 1
Internet File Transfers:
Security Holes and
How to Fix Them
The Problem with FTP .................... 1
Ten Essential Features to Look
for in an FTP Replacement ............. 1
Five Secure Data-Exchange
Scenarios ......................................... 3
Scenario 1: Financial services
company ....................................... 3
Scenario 2: IT organization ................ 3
Scenario 3: Health care
organization .................................. 3
Scenario 4: Manufacturing
company ....................................... 4
Scenario 5: Organizations using
services providers for payroll
and health insurance .................... 4
AttachmateWRQ: Securing Data
in Motion ........................................ 4
File transfer capabilities in SSH ........... 4
File transfer capabilities in SSL/TLS ..... 5
AttachmateWRQ security solutions .... 5
SSH and SSL/TLS: Your Safest
Alternatives ..................................... 6
About AttachmateWRQ .................... 6
AttachmateWRQ • January, 2006
1
Introduction
As the demand for information sharing grows, the Internet has become the medium of choice for organizations
that want quick, easy, and affordable file exchange. Most organizations today use File Transfer Protocol (FTP) to move private
information across the public Internet. But FTP poses serious security risks that cannot be ignored.
This white paper highlights the problem with FTP and outlines
the ten essential features to look for in an FTP replacement.
It describes five scenarios in which products based on
Ten Essential Features to Look for in
an FTP Replacement
the SSH and SSL/TLS protocols can ensure reliable and
The ideal replacement for FTP would provide the protocol’s
affordable file-transfer security. Finally, this paper tells
strengths—speed, ease of use, and interoperability—as
how AttachmateWRQ file-transfer solutions ensure
well as the requisite security required for public Internet
interoperability, confidentiality, and integrity for data
travel. Equipped with these capabilities, you could easily
in motion.
replace traditional EDI, an expensive solution that requires
leased lines and value-added network charges. You could
also augment secure e-mail, another popular file-transfer
The Problem with FTP
In terms of exchanging information, the speed, ease
mechanism that is limited by the size of the attachment
it can deliver.
of use, and affordability of the Internet is undeniable.
The ten essential features to look for in an FTP replacement
For organizations, it is like having a pre-designed
are highlighted below:
telecommunications infrastructure as their disposal. And
1. Industry-standard client connectivity
FTP has become the preferred mode of transportation
Because you cannot control what software your partners
for moving files.
and customers use for their client connections, you want
Because it is a standards-based protocol, FTP is highly
to choose a security solution that is readily available
interoperable. It is also fast, familiar, and easy to use. For
and based on industry-standard protocols. These features
these reasons, it has gained popularity among all types of
will simplify and cut the costs of data exchange. You will
organizations—from large and small businesses to
also want to allow for different styles of doing file transfer.
government agencies and nonprofits.
In some cases, you will want a browser connection using
But FTP has one inherent problem: it is dangerously nonsecure.
Any information transmitted via FTP travels over the network
in clear text, which means anyone with a sniffer can read it.
Furthermore, logons to FTP servers require a user name and
password, which also travel in unprotected clear text and
an on-demand thin client. In others, you will need a
command-line client that can be scripted for automation.
Or you may opt for a Windows client with a graphicaluser interface that makes file transfers easy for users.
2. Data confidentiality
can be easily grabbed by malicious individuals with just a
The Internet is a public network, so it is imperative that
hint of technical savvy. This lack of security is particularly
you scramble sensitive data to make it unreadable
risky for organizations governed by stringent regulations
during transmission. To that end, you need a standard
aimed at protecting sensitive data.
means of encryption, such as Secure Sockets Layer (SSL),
Transport Layer Security (TLS, the newer version of SSL),
or Secure Shell (SSH). These protocols all include a range
of standard encryption ciphers that provide different
strengths of encryption.
2
3. Data integrity
7. Auditing
People with malicious intent thrive on tampering with
If a client or server is compromised and data are retrieved
data—for example, changing account balances or purchase-
illicitly, you will want to know what happened. By logging
order amounts. To ensure that bits remain intact as they
incoming and outgoing transmissions, auditing tools can
travel from client to server or between servers, you will
help identify suspicious usage patterns, inadvertent or
need some type of message authentication code. This
overlooked access, and mischievous or purposeful attacks.
code will also serve as a way to ensure message authenticity.
These tools are crucial to discovering both apparent and
In addition, you will want an automatic way to restart an
subtle forms of intrusion, making them a critical part of
interrupted transfer at the point where the connection
your security solution.
was dropped.
4. Authentication
8. Centralized management
In order to meet growing demands for information from
To launch a secure session, users must be able to verify
whole new audiences of users, centralized management
their identities and establish their rights to connect to
of the client side of the file-transfer process is essential.
a given server. They must also be assured that they are
In fact, it is the only effective way to tackle today’s fast-
connecting to the right server. This two-way authentication
changing configuration and deployment requirements.
should take place in a secure way—either via strong
authentication or via user name and password encryption.
Without a solid authentication method, intruders can
easily gain access to private files and systems via sniffing,
social engineering, or password guessing.
5. Automation
Organizations often automate routine file transfers to save
time and money. For example, large commercial businesses
use batch processing extensively for back-office tasks;
multiple files can be transferred in a batch when the load
on back-office systems is light. These jobs are scheduled
and typically run via scripts. The key is to make sure that
the scripts are using secure mechanisms to upload data.
6. Access control
Most organizations want to give users access only to
specific directories on the internal network, which requires
defining users and their access rights. Organizations also
want to limit the number of open ports in their firewalls
to minimize the chances of malicious traffic getting through.
9. Cross-platform support
Your customers or partners may be running on platforms
that are different from your own, which is probably
heterogeneous. For that reason, the ideal secure filetransfer solution will provide cross-platform support.
10. End-to-end security
Moving a file securely across the Internet is one thing;
getting that file securely to the end point (the server
that it updates) is another. The vast majority of financial
fraud is the result of internal hacking rather than external
penetration of a secure network, so the last leg of
protection, from the DMZ to the back office, is critical.
To guard against these inside jobs, you need end-toend security.
Careful consideration of these issues will help you choose
the safest possible solution for data exchange—and save
you time and money in the long run.
3
Five Secure Data-Exchange Scenarios
Organizations have different secure data-exchange needs.
The following five scenarios show how standards-based
secure file transfer can provide a low-cost and reliable
way to protect data in motion.
Scenario 1: Financial services company
This scenario involves a financial services company that needs
to transfer account information, conduct debit and credit
transactions, and send check images.
The company’s security solution is to run SSH File Transfer
Scenario 2: IT organization
In this scenario, system administrators need to transfer
configuration files, change user accounts, monitor usage
records, and create new web pages.
Because administrators have root access to servers and often
work over the Internet, they must protect their user names
and passwords. By replacing FTP with sftp, the administrators
can ensure that their user names and passwords are encrypted
as they cross the wire. Alternatively, the administrators can
use a stronger method of authentication—user public keys—
to replace their passwords.
Protocol (sftp) and secure copy (scp)—two secure file-transfer
mechanisms that are part of the SSH protocol—on a gateway
or bastion host in the DMZ. This configuration allows
limited application-level access between the external and
the internal networks.
The sftp transfers are interactive, but scp transfers are
automated so no user interaction is required. Authentication
is host-based or accomplished using public keys with agent
Scenario 2: After-hours administrator working from home
forwarding. (Another way to use the gateway host is to use
Scenario 3: Health care organization
the proxy-command feature to tunnel the sftp session from
This scenario centers on a health care organization that
the gateway to the back-office servers.) Just one port—
moves patient records internally, from server to server, and
SSH port 22—needs to be open in the firewall to let these
exchanges them with external entities.
transfers pass through.
After an external audit found passwords and sensitive patient
information traveling across the network in plain text, the
organization received a mandate to shut down FTP. Instead
of FTP, which was used both internally and with partners,
the organization adopted the SSH and SSL protocols. Now,
partners can choose to use either protocol to the DMZ.
Internally, the protocol of choice depends on which one is
best suited to the relevant server environment.
Scenario 1: Partners sending financial information
Scenario 3: A health-care organization moving patient records internally
and externally
4
Scenario 4: Manufacturing company
In this scenario, a manufacturing company in a highly
competitive industry has a number of partners, both for
building its products and for marketing them. The latest
design specs and customer lists represent intellectual property
that needs to be protected, particularly because the industry
is known for industrial espionage.
By using the SSH protocol suite and setting up one server
behind the firewall for all sensitive file transfers, the company
can monitor and safeguard all confidential communications.
AttachmateWRQ: Securing Data
in Motion
For secure file transfer, AttachmateWRQ offers a variety of
client and server solutions that are all based on the industrystandard SSH and SSL/TLS protocols. This section describes
the secure file-transfer capabilities of these protocols and
how they fit into the AttachmateWRQ security solution set.
File transfer capabilities in SSH
The main purpose of SSH is to transmit data over network
connections using strong encryption and authentication
methods. SSH is a replacement for nonsecure Telnet, FTP,
X11, and Berkeley r-commands (rlogin, rcp and rsh)—all
of which transmit data in the clear.
Currently, there are two versions of SSH: SSH1 and SSH2.
The two versions are based on two distinctly different
protocols, and they’re not compatible. Also, SSH1 has
been deprecated and is not recommended for use. For
our purposes—securing file transfers—we are dealing with
SSH2, which has been standardized through the Internet
Scenario 4: A manufacturing company exchanging intellectual property with
partners
Scenario 5: Organizations using services providers
for payroll and health insurance
Whenever organizations exchange employee data (such as
personal identification numbers, insurance claims, and medical
information) with third-party providers, electronic files must
be kept secure. SSH is a good fit here. With scp, file transfers
can be easily automated.
Engineering Task Force (IETF).
In SSH, the rcp (remote copy) command-line utility is replaced
by the scp command-line utility (rcp has traditionally been
used in UNIX environments for copying named files and
directories). FTP is replaced by sftp, which provides all
the functionality of FTP without the risks. Written as a
subsystem for SSH2, sftp encrypts every bit—user names
and passwords, directory listings, and files—exchanged
between an sftp client and server. With the sftp capabilities
in SSH, organizations can turn FTP off and eliminate that
vulnerable point in the network.
SSH uses strong encryption ciphers, such as 3DES and AES,
for data privacy, it also uses hashed message authentication
code (HMAC) algorithms for integrity checking.
Scenario 5: Organizations using service providers for payroll and
health insurance
5
File transfer capabilities in SSL/TLS
Something to consider when pushing FTP through an SSL
SSL was developed to secure transactions over the web.
tunnel is the dual-channel nature of the FTP protocol. FTP
It provides optional certificate-based authentication and
requires two tunnels—one for the control channel and one
secure data transfers using strong encryption. SSL 3.0 was
for the data channel—which means you need to open two
used by the IETF as the basis for developing a standard
ports in your firewall. AttachmateWRQ solutions include a
protocol to duplicate SSL functionality—known as Transport
“firewall-friendly” way of sending FTP traffic over SSL that
Layer Security or TLS.
requires only one port to be open.
SSL 3.0 and TLS 1.0 have slight differences. TLS uses HMAC
AttachmateWRQ security solutions
algorithms for integrity checking, which is harder to break
AttachmateWRQ security solutions include both the SSH
than the MAC used in SSL. But because the differences in
and SSL/TLS protocols:
these two protocols are negligible we will refer to the SSL/TLS
protocol in this paper.
• Reflection for Secure IT
SSH servers for Windows, UNIX, and Linux as well as SSH
thick clients for Windows, UNIX, and Linux.
SSL/TLS does not replace FTP the way that SSH does; rather
SSL/TLS can be used to create secure encrypted tunnels for
FTP traffic. Two RFCs describe how to handle this process:
• Reflection for the Web
SSL/TLS thin clients for any platform and SSL/TLS proxy
server for any platform.
• FTP over SSL (RFC 2228), which extends the FTP
protocol to provide strong authentication, integrity, and
confidentiality on both the control and data channels.
• TLS (RFC 2246), which defines the protocol designed
to allow client/server applications to communicate
• EXTRA! X-treme
SSH and SSL/TLS thick clients for Windows.
• Reflection emulation software
SSH and SSL/TLS thick clients for Windows.
over the Internet without eavesdropping, tampering,
Table 1 provides a quick way for you to see which
or message forgery.
AttachmateWRQ products provide the security measures
you need.
Table 1: AttachmateWRQ Security Solutions
AttachmateWRQ SSL/TLS solutions AttachmateWRQ SSH solutions
Client connectivity
On demand via a browser
Command-line interface
Yes
Thin clients work with any browser.
Yes
Graphical interface
Yes
Interoperability
Yes
Support for RFC 2228 and RFC 2246.
No
Thin client support for sftp not yet available.
Yes
Available with both scp and sftp.
Yes
Available with sftp.
Yes
Support for RFC 4251.
Data confidentiality
Encryption
SSL/TLS
SSH
Yes
Choice of cipher strength, including AES
and 3DES.
Yes
Support for SSL 3.0 and TLS 1.0.
Not applicable
Support for SSH2.
Yes
Choice of cipher strength, including AES, 3DES,
and Blowfish.
Not applicable
Integrity checking through hashed message
authentication codes.
No
Integrity checking through hashed message
authentication codes.
Yes
Yes
Data integrity
Message remains unchanged
Automatic checkpoint restart
continued on next page
6
Table 1: AttachmateWRQ Security Solutions (continued)
AttachmateWRQ SSL/TLS solutions
AttachmateWRQ SSH solutions
User name/password
Public keys
Yes
No
Digital certificates
Yes
Support for x.509 certificates; cert-signing
and cert-generating tool comes with the
management server.
Yes
Yes
Yes
Can be used instead of user name and
password; key agent for SSO to multiple servers;
authentication of both server and client.
Yes
Support for x.509 certificates.
Authentication
Kerberos
Yes
Automation
Scriptable
Scheduled
Yes
Yes
Through external program.
Yes
Yes
Through external program.
Ability to limit access to
specific directories
Ability to set access rights
per user
No
Firewall friendly
Yes
With the SSL proxy server, only one port
needs to be open in the firewall.
Yes
Through chrooting and virtual directories.
Yes
Users can be restricted to sftp only; servers
enforce security permissions for read/write
access to each file and folder.
Yes
Only one port is open in the firewall.
Access control
Yes
Through management server and secure
token authentication feature.
Auditing
Logging
Yes
Ability to set various logging levels; metering
server provides centralized logs and reporting.
Yes
Ability to set various logging levels.
Yes
Client configurations through the
management server.
Yes
Through configuration in the management server.
Yes
Client configurations through the
management server.
Yes
Through configuration in the management server.
Cross-platform support
Yes
Thick clients for Windows; thin clients run in a
browser on any platform; SSL proxy server runs
on any platform with a JVM.
Yes
Thick clients for Windows, UNIX, and Linux;
servers run on Windows, UNIX, and Linux.
End-to-end security
Yes
SSL proxy server can run on the target server or
can use SSL to tunnel from proxy to target server.
Yes
SSH servers generally run on target servers.
Centralized management
Centralized configuration
of connections
Centralized user-access control
SSH and SSL/TLS:
Your Safest Alternatives
Although FTP is a tried and true method of delivering
files over the Internet, its use can seriously jeopardize the
security of your organization’s private information. Replacing
or augmenting FTP with the industry-standard SSH and
SSL/TLS protocols is a practical, reliable, and affordable
alternative. AttachmateWRQ offers a variety of client and
server security options that are based on these protocols.
With our products, which are designed to work with both
existing and planned security policies, you can effectively
ensure the safety of data in motion.
About AttachmateWRQ
AttachmateWRQ, the leader in universal host access and
integration, helps you maximize the value of your existing
IT investments as you advance your long-term business
strategies. More than 40,000 customers, representing over
16 million desktops worldwide, use AttachmateWRQ products
and services to extend, manage, and secure their enterprise
assets. Learn more at www.attachmatewrq.com.
Corporate Headquarters
1500 Dexter Avenue North
Seattle, Washington 98109
TEL 206 217 7500
800 872 2829
FAX 206 217 7515
EMEA Headquarters
The Netherlands
TEL +31 71 368 1100
FAX +31 71 368 1181
Asia Pacific
Headquarters
Australia
TEL +61 3 9825 2300
FAX +61 3 9825 2399
Latin America
Headquarters
Mexico
TEL +52 55 5658 7755
FAX +52 55 5658 6393
WEB
Attachmatewrq.com
E-MAIL
info@attachmatewrq.com
© 2006 Attachmate Corporation. All Rights Reserved. The content of this document is furnished for informational use only, is subject to change without notice, and should not be construed as a commitment
by Attachmate Corporation, dba AttachmateWRQ. AttachmateWRQ assumes no responsibility or liability for any errors or inaccuracies that may appear in the informational content contained in this document.
AttachmateWRQ, the AttachmateWRQ logo, and Reflection are trademarks or registered trademarks of Attachmate Corporation. All other trademarks, trade names or company names referenced herein
are used for identification only and are the property of their respective owners. Except as may be expressly stated in this document, any use of non-Attachmate Corporation trademarks in this document is
not intended to represent that the owners of such trademarks sponsor, are affiliated with, or approve products from AttachmateWRQ. Printed in the USA.
06-0008.0106